SSL handshake failures when no data was sent over Twisted TLSConnection

I started looking at implementing explicit FTPS by extending the current Twisted FTP.
Most of the code is straightforward; implementing AUTH, PBSZ and PROT was easy, and I got a working secured control channel.
My problem is the data channel.
The client-side error is: ssl routines', 'ssl3_read_bytes', 'ssl handshake failure'
It looks like the SSL handshake and shutdown are called when no data is sent on the data channel. This affects the case of sending empty files or listing empty folders, since before closing the connection the client calls SSL shutdown.
I am looking for suggestions on how I should go about fixing the TLS handshake in Twisted's TLS when no data is sent.
This code works when listing folders that are not empty, but fails if the folder contains no files or folders.
Many thanks!
```python
from twisted.internet import reactor, error


def getDTPPort(self, factory):
    """
    Return a port for passive access, using the C{self.passivePortRange}
    attribute.
    """
    for portn in self.passivePortRange:
        try:
            if self.protected_data:
                # Protected data channel: listen with SSL directly.
                dtpPort = reactor.listenSSL(
                    port=portn,
                    factory=factory,
                    contextFactory=self.ssl_context)
            else:
                dtpPort = self.listenFactory(portn, factory)
        except error.CannotListenError:
            continue
        else:
            return dtpPort
    raise error.CannotListenError(
        '', portn,
        "No port available in range %s" % (self.passivePortRange,))
```
Update 1
I am updating the text since comments are not formatted.
So I ended up with:
```python
from twisted.internet import reactor, error
from twisted.protocols.tls import TLSMemoryBIOFactory


def getDTPPort(self, factory):
    """
    Return a port for passive access, using the C{self.passivePortRange}
    attribute.
    """
    for portn in self.passivePortRange:
        try:
            if self.protected_data:
                # Wrap the DTP factory in a memory-BIO TLS server factory and
                # listen on a plain TCP port.
                tls_factory = TLSMemoryBIOFactory(
                    contextFactory=self.ssl_context,
                    isClient=False,
                    wrappedFactory=factory)
                dtpPort = reactor.listenTCP(port=portn, factory=tls_factory)
            else:
                dtpPort = self.listenFactory(portn, factory)
        except error.CannotListenError:
            continue
        else:
            return dtpPort
    raise error.CannotListenError(
        '', portn,
        "No port available in range %s" % (self.passivePortRange,))
```
Update 2
The problem is caused by the fact that the connection is closed while the handshake is still running. I don't know how to check, on an empty connection, whether the SSL handshake is done.
So I ended up with this stupid code:
```python
from twisted.internet import reactor


def loseConnection(self):
    """
    Send a TLS close alert and close the underlying connection.
    """
    self.disconnecting = True

    def close_connection():
        if not self._writeBlockedOnRead:
            self._tlsConnection.shutdown()
            self._flushSendBIO()
            self.transport.loseConnection()

    # If we don't know whether the handshake is done, wait a bit
    # and then close the connection.
    # This is done to avoid closing the connection in the middle of
    # the handshake.
    if not self._handshakeDone:
        reactor.callLater(0.1, close_connection)
    else:
        close_connection()
```
The SSL handshake is initiated by the do_handshake method of the pyOpenSSL Connection object. It can also be initiated implicitly by a send or recv call. The transport set up by reactor.connectSSL and reactor.listenSSL relies on the latter. Your conclusion is correct - the handshake is never performed if no data is sent on the connection.
However, twisted.protocols.tls calls do_handshake when the connection is made. If you set up your SSL server with that API instead, I think you'll see the problem resolved.
There is a plan to reimplement the former using the latter, since the latter seems to work better in general.